Dark web gets stamp of legitimacy from internet authorities

The “dark web” now has legitimacy and an extra layer of safety, after authorities granted official status to sites using the Tor anonymization service on Wednesday.

The dark web has been the stuff of internet urban legends and the subject of dramatic crime television shows, but the reality is much less titillating. It’s any part of the web that requires special software to access, often for the purpose of anonymization and security.

The most widely used example of this is Tor, an acronym for “the onion browser.” The special sites that require the software to be accessed consequently have domains names ending in “.onion.” Now, thanks to the Internet Engineering Task Force (IETF) and the Internet Assigned Numbers Authority (IANA), .onion sites have “Special Use Domain” status.

This means .onion domains can only be used by sites within the Tor network, and that the administrators of those sites can apply for security certificates that ensure the identity of their sites for users that access it.

These changes were proposed to the IETF by Tor security researcher Jacob Appelbaum and Facebook security engineer Alec Muffett.

This has implications for Tor users beyond mere legitimization. Up until now, the .onion top-level domain (that is, the .com or .org part of the domain name) didn’t make sense to the worldwide Domain Name System (DNS) and, consequently, DNS servers would cache requests for Tor sites, sometimes leaving footprints that could be used by the prying eyes of law enforcement. With the new special status, DNS requests for Tor sites will be recognized as usual, keeping no information specifically from Tor users.

“This enables the Tor .onion ecosystem to benefit from the same level of security you can get in the rest of the web,” Richard Barnes, Firefox’s Security Lead at Mozilla told Motherboard. “It adds a layer of security on top.”

Digital privacy advocates like Appelbaum consider this is big stride forward, and not just for Tor. He told Motherboard that this latest move by authorities means that the IETF is “starting to take privacy seriously,” and “working towards privacy by design.”